LocalNetwork
The network on "this side" of the IPsec tunnel. The
IPsec tunnel will be established between this network
and the remote network.
RemoteNetwork
The network connected to the remote gateway. The
IPsec tunnel will be established between the local
network and this network.
RemoteEndpoint
Specifies the IP address of the remote endpoint. This
is the address the security gateway will establish the
IPsec tunnel to. It also dictates from where inbound
IPsec tunnels are allowed. (Optional)
IKEAlgorithms
Specifies the IKE Proposal list used with the tunnel.
IPsecAlgorithms
Specifies the IPsec Proposal list used with the tunnel.
IKELifeTimeSeconds
The lifetime of the IKE connection in seconds.
Whenever it expires, a new phase-1 exchange will be
performed. (Default: 28800)
IPsecLifeTimeSeconds
The lifetime of the IPsec connection in seconds.
Whenever it's exceeded, a re-key will be initiated,
providing new IPsec encryption and authentication
session keys. (Default: 3600)
IPsecLifeTimeKilobytes
The lifetime of the IPsec connection in kilobytes.
(Default: 0)
EncapsulationMode
Specifies if the IPsec tunnel should use Tunnel or
Transport mode. (Default: Tunnel)
AuthMethod
Certificate or Pre-shared key.
PSK
Selects the Pre-shared key to use with this IPsec
Tunnel.
LocalIDType
Selects the type of Local ID to use. (Default: Auto)
LocalIDValue
Specifies the local identity of the tunnel ID.
GatewayCertificate
Selects the certificate the security gateway uses to
authenticate itself to the other IPsec peer.
RootCertificates
Selects one or more root certificates to use with this
IPsec Tunnel.
IDList
Selects the identification list to use with this IPsec
Tunnel. An identification list is a list of the identities
that are allowed to establish an IPsec tunnel.
(Optional)
DHCPOverIPsec
Allow DHCP over IPsec from single-host clients.
(Default: No)
AddRouteToRemoteNet
Dynamically add route to the remote networks when
a tunnel is established. (Default: No)
PlaintextMTU
Specifies the size in bytes at which to fragment
plaintext packets (rather than fragmenting IPsec).
(Default: 1420)
OriginatorIPType
Specifies what IP address to use as source IP in e.g.
3.28.5. IPsecTunnel Chapter 3. Configuration Reference